I'm a privacy pragmatist, writing about the intersection of law, technology, social media and our personal information. If you have story ideas or tips, e-mail me at khill@forbes.com. PGP key here.
These days, I'm a senior online editor at Forbes. I was previously an editor at Above the Law, a legal blog, relying on the legal knowledge gained from two years working for corporate law firm Covington & Burling -- a Cliff's Notes version of law school.
In the past, I've been found slaving away as an intern in midtown Manhattan at The Week Magazine, in Hong Kong at the International Herald Tribune, and in D.C. at the Washington Examiner. I also spent a few years traveling the world managing educational programs for international journalists for the National Press Foundation.
I have few illusions about privacy -- feel free to follow me on Twitter: kashhill, subscribe to me on Facebook, Circle me on Google+, or use Google Maps to figure out where the Forbes San Francisco bureau is, and come a-knockin'.

Camera Company That Let Hackers Spy On Naked Customers Ordered By FTC To Get Its Security Act Together

Let’s say you bought an Internet-connected camera for your home so you could keep an eye on your baby, or watch your dog while you were at work, or to make sure your home was secure while vacationing. Or maybe you got it for your office to secure your safe or Big Brother your workers. But what if the company that sold you that camera designed it so poorly that anyone with just a modicum of technical savvy could break into it and watch along with you? That’s what happened to hundreds of people who bought IP cams from TRENDnet, a company that includes “trust” in its tagline. In January 2012, a blogger revealed a security flaw that let curious users spy on women changing, parents checking on babies, and rooms all over the world worth sticking a camera in. Beyond embarrassment for the company (and its exposed customers) nothing seemed to come of the terrible security mistake… until now. The Federal Trade Commission announced Wednesday that it has ordered TRENDnet to improve the security of its cameras and to warn all of its voyeur-victim customers about the flaw and how to fix it.

Many of these cameras were findable thanks to Shodan, a search engine that crawls the Internet looking for connected devices. Just this morning, we posted a story about the security implications raised by an increasing number of devices — baby monitors, glucose meters, cars, and building controls — that are being connected to the Internet with poor security in place.

“This is the agency’s first action against a marketer of an everyday product with interconnectivity to the Internet and other mobile devices – commonly referred to as the ‘Internet of Things,’” says the FTC in a press release. “TRENDnet failed to use reasonable security to design and test its software, including a setting for the cameras’ password requirement. As a result of this failure, hundreds of consumers’ private camera feeds were made public on the Internet.”

The FTC is steadily hacking the law to make itself the country’s de facto privacy regulator. In this case, it’s using its right to punish a company for being “unfair” to consumers. But its power is limited: it can’t fine TRENDnet; it can only require it to notify customers, establish “a comprehensive security program” — that includes pen testing its products — and agree to 20 years of privacy audits (just like Facebook and Google). If TRENDnet messes up again after this, the FTC can then fine it up to $16,000 per violation (a power it used to fine Google $22.5 million).

“A small win for us, I guess,” says security researcher Dan Tentler who helped bring public attention to the exposed cameras. “There are MANY other camera manufacturers that exhibit the same problem.”

There may well be more FTC orders to come. “The Internet of Things holds great promise for innovative consumer products and services. But consumer privacy and security must remain a priority as companies develop more devices that connect to the Internet,” said FTC Chairwoman Edith Ramirez in a press release.

In the meanwhile, the many people whose cameras are still exposed, despite the press attention, will finally get a heads up from TRENDnet that they’re unknowingly putting on a show for the ‘Net.


It’s hard to believe these systems are installed without a simple firewall. Even using cheap hardware and open source software, for no other reason than to get useful features for free, while still selling another box for the kit.